Pretty Dangerous Format The Rising Trend of PDF Attacks

1Pretty Dangerous Format The Rising Trend of PDF Attacks

Malicious hackers use the PDF file format’s extended features against users by modifying PDF files in order use them as attack tools that exploit vulnerabilities in the Adobe products that read the files.

2No Title

According to Symantec’s Internet Security Threat Report, researchers at the company estimated that 49 percent of all web-based attacks in 2009 used infected PDF files to propagate.

3No Title

McAfee says that in 2007 and 2008, only 2 percent of all malware exploited vulnerabilities in Adobe Reader or Adobe Acrobat.

4No Title

In 2009, the percent of malware exploiting Reader and Acrobat vulnerabilities jumped to 17 percent.

5No Title

And in the first quarter of 2010, McAfee researchers say the number jumped up to 28 percent.

6No Title

Meanwhile, security researchers at F-Secure said that among the 900 targeted attacks it found during the first two months of 2010, 61 percent exploited Reader vulnerabilities.

7No Title

Last month Trend Micro highlighted one example of how a recent malicious PDF worked, alerting users that hackers embed malicious objects that exploit Adobe buffer overflow and TIFF vulnerabilities.

8No Title

That exploit then allows the Trojan to connect to malicious URLs in order to download more damaging files on the machine to continue the attack.

9No Title

Meanwhile, numerous security researchers last month warned that crooks are taking advantage of a design flaw in the "/LAUNCH" feature in PDFs to develop new attacks.

10No Title

The feature allows PDFs to execute code using the "/Launch" command. Hackers can create a malicious PDF that launches CMD.EXE in order to create malicious scripts that attack the system.

11No Title

You can help mitigate the risk of PDF attacks through the following steps:• Keep Systems Patched• Harden Configurations To Disallow Unnecessary Features• Keep Security Systems Updated• Train The Users

12No Title

Keep Systems PatchedA great deal of PDF attacks take advantage of vulnerabilities for which Adobe has already released patched–including the ones Trend Micro warned about.

13No Title

Harden Configurations to Disallow Unnecessary FeaturesSome vulnerabilities–such as the "/Launch" design flaw–still remain unpatched. However, partners can help customers mitigate risk by configuring systems to block such features for better protection.

14No Title

Keep Security Systems UpdatedAlways make sure your customers’ threat protection systems are continuously updated–security vendors try to stay on top of the most recent PDF threats.

15No Title

Train the UsersMany PDF attacks can be stopped dead in their tracks if users simply choose not to open errant spam attachments.


Must Read